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Decision  algorithms  for  some  fragments  of  analysis  and  related  areas 
D.  Cantone,  A.  Ferro,  E.  Omodeo  and  J.  T.  Schwartz 

1 .   Introduction 

This  paper  gives  (relatively  straightforward)  decision  algorithms 

for  some  fragmentary  sublanguages  of  elementary  analysis  and  related 

fields.   It  is  felt  that  the  algorithms  presented  could  form  a  useful 

part  of  the  'initial  endowment'  of  a  computerized  proof  verifier 

intended  to  facilitate  proofs  in  real  analysis.  The  specific  languages 

treated  are 

(i)  The  (un quantified)  'extended  Tarski'  theory  of  reals  with 
additional  variables  designating  continuous  real-valued 
functions.  Here  variables  of  two  types,  respectively 
representing  real  numbers  and  real-valued  functions,  exist,  along 
with  operation  signs  designating  real  addition,  subtraction, 
multiplication  and  division,  and  comparison.  Moreover,  the 
theory  also  allows  addition  and  subtraction  of  functions,  as  well 
as  their  evaluation  at  specified  real  numbers,  and  moreover 
allows  positivity,  monotonicity  and  convexity  of  functions  to  be 
asserted. 

(ii)  A  multi-dimensional  extension  of  theory  (i). 

(iii)  More  abstract  theories  of  totally  and  partially  ordered  sets  and 
monotone  functions  on  them. 
In  all  cases,  decidability  is  shown  using  a  standard  reduction 

process,  which  proceeds  by  applying  a  series  of  transformations  to  an 
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initial  fonnula  in  such  a  way  as  to  preserve  satisfiability  but  which 
is  such  that  the  resulting  formula  belongs  to  a  theory  for  which  a 
decidability  algorithm  is  already  known.  For  example,  for  language  (i) 
we  reduce  formulae  to  formulae  in  the  elementary  theory  of  reals,  which 
is  known  to  be  decidable. 

2.   The  normalization  process 

Let  T  be  an  unquantified  theory  with  equality  =,  variables 

x,y,...,  function  symbols  fi,f2,...,  and  predicate  symbols  P],P2 

Definition  2.1 .  A  formula  $  of  T  is  in  normal  form  if: 
(i)  all  terms  occurring  in  (j)  have  the  simple  form  f  (x-j , . . .  .X;^)  or 
just  X,  where  x,x^,...,Xf^  are  variables  and  f  is  a  function 
symbol ; 
(ii)  all  atoms  are  either  of  the  form  x  =  t,  where  x  is  a  variable  and 
t  a  term,  or  of  the  form  P(x-| , . . .  ,Xj^) ,  where  x-i,...,x^  are 
variables  of  appropriate  types  and  P  is  a  predicate  symbol  which 
applies  to  variables  of  these  types. 

In  dealing  with  the  decidability  problems  of  any  theory,  it  is 
advantageous  to  be  able  to  concentrate  on  formulae  in  normal  form.  To 
transform  any  formula  into  a  normal  form  formula  such  that  the  initial 
and  resulting  formula  are  equisatisf iable,  we  use  the  following  easy 
result. 

Lemma  2.2.  There  is  an  effective  procedure  to  transform  any 
formula  <))  in  T  to  a  formula  ^  in  normal  form  such  that  (p  and  ij;  are 
equisatisf iable. 

Proof :  Consider  the  following 
Normalization  Algorithm 
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WHILE  there  is  an  atom  of  the  form  tg  =  t,  or  there  is  an  atom  of  the 

form  P]  (t-|  , . . .  ,ts_-i  .ts.tg+T  , . .  .tf^)  where  t-| tj^.t  are  terms  and 

tg  ,  t  are  not  variables  DO 

Let  x^  be  a  new  variable  of  the  same  type  as  tg  and  not  occurring 

in  <p.       Add  to  <p   the  formula  x^  =  tg  and  substitute  the  variable 

x^  wherever  the  term  tg  occurs  in  ip. 
END  '^ILE; 
[Comment:  At  this  point  part  (ii)  of  Definition  2.1  holds.  To  satisfy 

also  part  (i)  we  perform  the  following  loop.] 
WHILE  there  is  a  proper  subterm  tg  v^ich  is  not  a  variable  occurring  in 

a  term  f  (t-i  , . . . ,  tg_-]  ,  tg,tg+i  , . . . ,  t^^)  DO: 

Let  x^  be  a  variable  of  the  same  type  as  the  term  tg  and  not 

occurring  in  cf). 

Add  to  <t>     the  formula  x^  =  tg  and  substitute  the  variable  x^ 

3  S 

wherever  a  term  tg  occurs. 
EI'ID  WHILE; 

It  is  clear  that  each  step  of  the  above  algorithm  preserves 
satisfiability.  Therefore  the  final  formula  4)  produced  by  the 
algorithm  satisfies  the  assertion  of  the  lemma. 

Definition  2.3.  A  normal  form  formula  c^)  of  t  is  a  standard  normal 
form  formula  if  it  is  a  conjunction  of  literals  of  the  types 
(=)    ^]    =  ^2   7       xi  =  fCy^ ....  .y^^) 
U)          ^1    ^  ^2 
(P)    P{x^,..,x^) 
C\P)        ~\PU^,...,xJ, 
where  x-,^ , . . .  ,x^   ,   y-] yj^  are  variables. 
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Let  S  be  the  class  of  all  formulae  of  T  in  standard  normal  form. 
Then  we  have  the  following 

Lemma  2.4.  T  is  decidable  if  and  only  if  S  is  decidable. 

Proof:  Clearly  any  algorithm  for  testing  satisfiability  of 
formulae  in  T  is  an  algorithm  for  testing  satisfiability  of  formulae  in 
S.  Conversely  let  A  be  an  algorithm  which  tests  satisfiability  in  S, 
and  let  <p  be  any  formula  in  T.  By  applying  the  normalization  process 
to  9,  we  get  a  normal  form  formula  ij)  such  that  0  and  \li  are 
equisatisfiable.  At  this  point  we  can  put  ^  in  disjunctive  normal  form 
obtaining  a  formula  4^1  v  . . .  v  ijjj^  ,  where  all  4)j_  are  conjunctions,  and 
we  may  assume  that  each  ^^   is  in  standard  normal  form,  because  any 

literals  in  it  of  the  type  |  (x^  =  f(yi y^^))  can  be  replaced  by 

the  conjunction  |  (x-|  =X2)  &  (x2  =  f  (y-] , . . .  .y^^) )  by  introducing  a 
variable  X2  which  occurs  nowhere  else.  Since 

<p   is  satisfiable  ■<-►  '|  is  satisfiable 

*-->■  ^i   is  satisfiable  for  some  i, 

and  since  all  transformations  used  to  build  conjunctions  ii-\  , . . . ,  \i>^  are 
effective,  our  lemma  follows.  Q.E.D. 

In  the  following  sections  we  will  use  these  elementary  concepts 
and  results  freely,  without  specific  reference. 
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3.   'Extended  Tarski'  theory  of  reals  with  continuous  functions. 

In  the  extension  of  Tarski  theory  of  reals  considered  in  this 
section  we  allow  two  kinds  of  variables,  namely  real  variables, 
x,y,...,  and  function  variables  f,g,...  .  Constants  0,1,  both 
numerical  and  functional  are  also  allowed.  We  distinguish  two  kinds  of 
terms,  namely  numerical  terms  and  functional  terms,  as  follows: 

Definition  3. 1 •  Numerical  terms  are  defined  recursively  by: 
(i)   Any  real  variable  x,y,...  or  constant  0,1  is  a  numerical  term, 
(ii)  If  ti,t2  are  numerical  terras,  then  (tT+t2),  (t-|-t2)i  (tT*t2)i 

(ti/t2)  are  numerical  terms, 
(iii)  If  t  is  a  numerical  term  and  f  is  a  function  variable,  then  f(t) 

is  a  numerical  term, 
(iv)  An  expression  is  a  numerical  term  just  if  it  can  be  shown  to  be 
so  on  the  basis  of  (i),  (ii) ,  (iii)  above. 
Functional  terms  are  defined  recursively  as  follows: 
(i')    Any  function  variable  f,g,...  and  constants  0,1  are  functional 

terms, 
(ii')   If  t-|,t2  are  functional  terms,  then  (t-]+t2),   (ti-t2)  ace 

functional  terras, 
(iii')  An  expression  is  a  functional  term  just  if  this  follows  from 

(i')  and  (ii'). 
Having  defined  the  terms  allowed  by  our  small  language,  we  now  proceed 
to  define  the  family  of  formulae  comprising  the  extension  of  Tarski 's 
theory  of  reals  that  we  want  to  discuss.  First  of  all  we  define 
'atoms'.  An  atom  is  an  expression  of  one  of  the  following  forms: 
t-i  =  t2  ,  t^  <  t2  ,  ni  =  n2  .  ni  <  n2  .  up(rii  ,ti  ,t2) , 
strict_up(n-]  ,t-|  ,t2) ,      down(ni  .t]  ,t2) ,      strict_down(ni  ,ti  ,t2) , 
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convex(ni  ,t-|  ,t2)  I  concave(ni  it]  ,t2) .  where  ti,t2  are  numerical  terms 
and  nT,Ti2  ^^^  functional  terms.  (The  intended  meaning  of  up, 
strictjup,  etc.  will  be  defined  below.)  Finally,  we  define  a  formula 
in  the  theory  of  Reals  with  Monotone  and  Convex  Functions  (RMCF)  to  be 
any  boolean  combination  of  atoms. 

Let  4)  be  a  formula  in  RMCF. 

Definition  3-2.  An  interpretation  M  of  the  symbols  of  4)  is  a  real 
model  of_  <})  if: 

(1)  For  any  real  variable  x,  the  value  Mx  associated  to  x  is  a  real 
number. 

(2)  For  any  function  variable  f,  Mf  is  an  everywhere   defined 
continuous  real  function  of  a  single  real  variable. 

(3)  The  truth  value  assigned  to  <^  by  the  following  rule  is  the  value 
true: 

Let  t^,t2  be  numerical  terms,  let  r|-|,n2  be  functional  terms,  and 
assume  that  Mt-| ,  Mt2,  Mm,  Mn2  are  interpretations  assigned  to 
them  by  the  model  M  in  the  standard  way.  Then 

(3a)    t"!  =  t2  (resp.  t^  <  t2)  is  true  if  and  only  if 
Mt^  =  Mt2  (resp.  Mt^  <  Mt2) 

(3t))    rii  =  ri2  (resp.  m  <  12)  is  true  if  and  only  if 
Mn-]  =  Mri2  (resp.  Mm  <  Mri2)  pointwise 

(3c)    up(ni,ti,t2)  (resp.  strict_up(m  ,t-| ,  t2) )  is  true 

if  and  only  if  Mt-]  >_  Mt2  ,  or  Mt-|  <  Mt2  and  the  function 
Mn-]  is  monotone  nondecreasing  (resp.  strictly  increasing)  in 
the  interval  [Mt^,Mt2]. 

(3d)    convex ( n-]  ,t]  ,t2)  is  true  if  and  only  if  Mt-|  >^  Mt2  or 
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Mt"!  <  Mt2  and  the  function  Mm  is  convex  in  the  interval 
[Mt-,,Mt2]. 

(3e)    The  truth  values  of  downCm  ,t-|  ,t2) ,  strict_down(rii  ,  t-| ,  t2) 
concave(ni , t^ ,t2)  are  defined  in  a  manner  completely 
analogous  to  the  corresponding  definitions  (3c),  (3d),  with 
the  sole  difference  that  increasing  and  decreasing  have  to  be 
interchanged  and  concave  has  to  be  read  in  place  of  convex. 

Observe  that  formulae  ti  =  t2  -  t3  ,  t-]  >  t2  where  ti,t2,t3  are 
either  numerical  or  functional  terms  are  respectively 
equisatisf iable  with  t2  =  t-| +t3  and  t]  =  t2+v  &  v  >  0,  where  v  is 
a  variable  of  the  appropriate  type.  Likewise  formula  t-i  =  t2/t3 
is  equisatisfiable  with  t3  ^  0  &  t2  =  tyt^  .  Moreover  if  x  and  y 
are  real  variables,  then  x  i^  y  is  equivalent  to  x  <  y  v  x  >  y. 
Therefore  it  is  easy  to  see  that  by  applying  an  elementary 
normalization  process  of  the  kind  described  in  the  preceding 
section  we  can  without  loss  of  generality  consider  only  sets  of 
clauses  each  of  which  has  one  of  the  following  types: 


(+) 

x  =  y  +  z 

(0 

X  =  y  •  z 

(» 

x  >  0 

(f) 

X  =  f(y) 

(f+) 

f  =  g  +  h 

(f^) 

f  ^  g 

(f» 

f  >  0 

(u-d) 

up(f,x,y). 

down(f ,x,y) 
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(strict)     strict_up(f ,x,y) ,     strict_dovm(f ,x,y) 

(~|   u-d)     ~|   up(f,x,y),        I   down(f,x,y) 

(  I  strict)   j  strict_up(f ,x,y) ,   |  strict_down(f ,x, ) 

(con)    convex(f ,x,y) ,  concave (f,x,y) 

(  I  con)     I  convex(f ,x,y) ,   |  concave(f ,x,y) , 

where  x,y,z  are  real  variables  and  f,g,h  are  function  variables, 

In  order  to  show  that  the  theory  RMCF  is  decidable,  we  will 
exhibit  a  simple  reduction  that  can  be  applied  to  a  given  initial 
formula,  and  that  yields  a  formula  with  the  following  properties: 

(a)  no  function  variable  occurs  in  the  resulting  formula 
(therefore  in  particular  only  clauses  of  the  types  (+,«,>)  can  occur); 

(b)  the  initial  and  the  resulting  formulae  are  equisatisf iable. 
Note  that  (a)  and  (b)  combined  with  the  basic  result  that  formulae 
involving  only  clause  of  the  types  (+,•,>)  are  decidable  (see  [Tar51], 
[C0I75])  implies  the  decidability  of  the  theory  RMCF. 

To  do  this,  let  4)  be  a  formula  of  RMCF,  which  by  Lemma  2.4  and  by 
the  foregoing  discussion  can  be  assumed  to  be  a  conjunction  of  clauses 
of  the  types  (+)-(~|  con)  listed  above.   We  begin  by  treating  all 
clauses  containing  a  negation.   The  reason  for  this  is  that  any 
negative  clause  involving  a  function  symbol  (except  as  a  numerical 
term;  see  Definition  3.1)  can  be  viewed  as  an  implicit  existential- 
assertion  whose  quantifier  is  easy  to  eliminate  by  adding   all 
instantiation  of  the  quantified  body  to  our  set  of  clauses.  More 
specifically,  we  proceed  as  follows: 
Simplification  Step  1  : 
(la)   For  any  literal  f  4     g     occurring  in  <\>,      introduce  three  new 
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variables  Xi,x2,y  and  replace  f  ?^  g  by  the  formula  x-]  =  f(y)  & 
^2  =  g(y)  &  X]  ;^  X2  (as  previously  noted,  we  can  use  X]  >  X2  v 
X2  >  X-]  in  place  of  x-|  ^  X2  but  for  reasons  of  clarity  we  do  not 
insist  on  noting  such  simplifications  at  every  step  of  what 
follows) . 
(lb)  Replace  any  literal  |  up(f,x,y)  (resp.  |  strict_up(f ,x,y) )  in 
(|)  by  a  formul. 


A  &  w-i    >  W2         (resp.   A  &  w^    >_  W2) , 


where  A  =  x_<ZT<Z2ly&w-|=  f(zi)  &  W2  =  f(z2)  and  where 
z^,Z2,wi,W2  are  newly  introduced  variables.  Make  analogous 
substitutions  for  literals  j   down(f,x,y)  and 

I    strict_down(f ,x,y) . 
(Ic)       Replace  any  literal     j   convex(f ,x,y)   (resp.         |   concave(f ,x,y) ) 
by  the  formula 

3&   (w2-w-| )  (Z3-Z1 )    >  (Z2-Z1 )  (w3-w-| ) 

(resp.   B&  (w2-wt)(z3-z-|)   <   (z2-zt  )  (w3-wi ) ) , 
where 
B  =  X  <_  z^    <   Z2  <   Z3  <_  y  Sc  w-|    =  f  (z^ )   &  W2  =  f(z2)   &  W3   =  f(z3) 

and  where  Zi,z2,Z3,  w-],W2,W3  are  newly  introduced  real 
variables.  (The  formula  above  just  expresses  the  existence  of 
three  points  z-[,z2,Z3,  such  that  (Z2,f(z2))  lies  above  (resp. 
below)  the  straight  line  joining  the  two  points  (zi,f(z]))  and 
(Z3,f(z3)).) 
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Let  ij)-]  be  the  resulting  formula;  then  it  is  easy  to  see  that  (p  and 
<t>]  are  equisatisfiable.  Indeed  clearly  any  model  of  ()>  is  a  model  of 
(j)-]  .  Conversely  let  M  be  a  model  of  (p]  .  Then  it  follows  easily,  e.g., 
that  if  f  ?^  g  is  in  (f)  then  Mf  /  Mg.  In  fact  by  step  (la)  a  formula  x-] 
=  f(y)  &  X2  =  g(y)  &  x-|  j^  X2  is  present  in  (p^  .  Therefore  since  M  is  a 
model  for  (p  we  have  Mx-]  =  (Mf)(My),  Mx2  =  (Mg)(My)  and  Mx-]  ^  Mx2  ,  that 
is  (Mf)(My)  ?^  (Mg)(My),  which  in  particular  shows  that  (Mf)  /  (Mg) .  It 
can  be  established  in  much  the  same  way  that  steps  (lb)  and  (1c)  do  not 
disrupt  satisfiability  of  (p.  Normalizing  $1  again  and  using  Lemma  2.4, 
we  can  assume  without  loss  of  generality  that  (p-^  is  a  conjunction  of 
literals  of  the  following  types  (+, •, >,f ,f+,f>,u-d,  strict,  con). 

We  now  show  how  all  literals  containing  function  variables  can  be 
eliminated.  For  this,  we  apply  the  following 

Preparatory  Step  2 ; 

For  any  real  variable  x  which  occurs  as  argument  of  any  function 
variable  or  as  a  bound  in  a  literal  of  the  type  (u-d,  strict,  con)  and 
for  any  function  variable  f  occurring  in  ip-^  ,  introduce  a  new  variable 
z^  f  and  add  the  formula  z^  f  =  f(x)  to  (p]  ,  unless  a  literal  y  =  f(x) 
exists  already. 

Let  (p2  be  the  resul:ing  formula.  Since  each  newly  introduced 
variable  z^  ^  appears  in  just  one  equality  literal,  it  is  clear  that  <Pi 
and  (p2  are  still  equisatisfiable  at  this  stage.  Note  that  Step  2  is 
applied  simply  in  preparation  for  the  elimination  of  all  (u-d,  strict, 
con)  clauses;  it  serves  only  to  ensure  that  all  potentially  significant 
implicit  function  evaluations  appear  explicitly.  We  are  now  ready  for 
step  3. 
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Simpllf ication  Step  3 

(3a)       For     each     quadruple  of  literals  x  =  f(y),  x'   =  g(y),  x"  =  h(y), 

f  =  g  +  h,  add  X  =  x'   +  x". 
(3b)       For  each  pair  of  literals  x  =  f (y) ,  f  >  0  add  x  >  0. 
(3c)       For  each  pair  of  literals  x  =  f(y-|),  x'   =  f(y2)  add  the     formula 

y-|    =  y2  -^  X  =  X'. 
(3d)       For     each     triple     of     literals     x  =  f(y),  x'   =  f(y'),  up(f,v,w) 

(resp.     down(f,v,w))  add  the  formula  v<_y<y'_<w     ->■     x     <_    x' 

(resp.     v<_y<y'_<w>x>_x') 
(3e)       For     each     triple     of     literals     x     =     f(y),     x'     =     f(y'),     and 

strict_up(f ,v,w)    (resp.     strict_down(f ,v,w))  add  the  formula 

v<_y<y'_<w>x<x'      (resp.  v_<y<y'_<w*x>  x') 

(3f)       For  each  quadruple  of  literals  x  =  f (y) ,   x'  =  f (y) ,  x"  =     f(y"), 
convex(f ,v,w)    (resp.     concave(f ,v,w) )  add  the  formula: 

V  <_  y'   <  y  <  y"  <_  w  -  (y-y') '(x-'-x')   >_  (x-x' )  •(y"-y' ) 

(resp.  v<_y'  <y<y"<w->  (y-y' ) -(x-'-x' )  <_  (x-x') -(y-'-y') ) . 
(Observe  that  the  implication  above  says  just  that  the  'point' 
(y,x)  is  above  (resp.  under)  the  straight  line  which  passes 
through  the  'points'  (y',x')  and  (y",x")  in  a  plane-coordinate.) 
(3g)   Drop  all  literals  involving  any  function  variable. 

Let  $2  be  the  formula  obtained  by  execution  of  step  3-  Then  (|)3  is 
a  formula  involving  only  real  variables,  the  arithmetic  operators  +,  -, 
•  and  the  predicates  =,<,<_,  i.e.  isa  function  of  the  polynomial 
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theory  of  reals,  which  is  decidable  by  Tarski's  famous  result  [Tar51J. 
Thus  to  prove  that  the  theory  RMCF  is  decidable  we  only  need  to  show 
that  (i>2   and  (fj  are  equisatisfiable,  which  we  do  as  follows. 

First  of  all,  since  all  formulae  introduced  by  step  3  are 
consequences  of  (^2   »  any  model  of  4)2  is  also  a  model  of  (^^   • 

Conversely  let  M  be  a  model  of  ())o  .  We  will  show  how  to  extend  M 
in  a  manner  allowing  all  function  variables  to  be  interpreted  in  such  a 
way  as  to  satisfy  all  clauses  of  type  (f ,f+,f >0,u-d, strict, con) .  Also, 
for  this,  let  V  be  the  set  of  all  real  variables  occurring  in  <p2  as 
arguments  of  seme  function  variable,  and  put  MV  =  {My|yeV}.  For  any 
function  variable  f  occurring  in  4)2  we  define  a  corresponding  function 
F  having  domain  MV,  by  putting 

(1)   F(My)  =  Mx  if  a  literal  x  =  f(y)  occurs  in  <p2   . 

The  following  easy  lemma  gives  us  what  we  now  need. 

Lemma  3.3.  For  any  function  variable  f  in  (|)2  ,  the  corresponding 
function  F  defined  by  (1)  is  single  valued  and  has  domain  MV. 

Proof:  The  only  reason  for  which  F  could  fail  to  be  single  valued 
is  that  (fp  contains  two  literals  x  =  f(y),  x'  =  f(y'),  while  My  =  My' 
and  Mx  ^  Mx'.  But  this  is  impossible,  since  in  such  a  case  step  (3c) 
would  have  introduced  a  literal  y  =  y'  -^  x  =  x'  ,  which  force  Mx  =  Mx'. 
Moreover,  as  observed  just  after  the  text  of  step  2,  all  function 
variables  are  evaluated  in  the  same  set  of  real  variables,  therefore  it 
follows  that  the  domain  of  any  function  F  is  just  MV.  □ 

It  just  remains  to  extend  our  model  functions  F  to  the  whole  real 
axis.   This  can  be  done  by  the  obvious   procedure   of   linear 
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interpolation.   More  specifically  let  ni  ,112.  •  •  •  »nr  ^^   the  elements  of 
MV,  taken  in  increasing  order.  Then  for  any  real  n  we  put 

(F(ni)  if  n  <  ni 

(2)   (Mf)(n)   =       "^  "^^      (F(ni.i)-F(ni))>F(ni)     if  ni<n<ni+i ,   i^tl , . . .  ,r-1 } 
"i+l    ^i 

FCiip)  if  np<.  n 

Then  for  any  function  variable  f  in  (j)2  ,  Mf  is  a  continuous  function. 
Moreover,  it  follows  at  once  by  (1)  and  (2)  that  all  clauses  of  type 
(f)  in  (f)2  are  correctly  modeled.  We  show  now  that  clauses  of  type 
(f+,f>,u-d, strict, con)  are  also  satisfied. 

For  this,  let  f  =  g  +  h  be  a  literal  of  ^2  •  ^'e  want  to  show  that 
for  any  real  ri,  (Mf)(n)  =  (Mg)(n)  +  (Mh)(n).  But  this  is  clear  if 
either  n  <  n-|  ,  or  n  >  n^.  .  or  n  =  nj_  for  seme  i  =  l,...,r,  by  (1),  (2) 

and  step  (3a).  Moreover,  if  n^  <  n  <  nj_+-i  •  for  sane  i  =  1 r,  then 

n-n 


(Mf)(n)  = i_  (F(ni+l)-F(ni))  +  F(ni) 


=  — --  (G(ni+i)+H(ni+i)  -  G(ni)  -  HCm))  +  GCm)  +  H(ni) 
^i+l  ^i 

=  —  '^—  (G(ni^l)-G(ni))  *  G(ni)  +  ^^^li-  (HCm^l  )-H(ni))+H(ni) 
^i+T'^i  ^i+1"^i 

=  (Mg)(n)  +  (Mh)(n)  . 

This  establishes  that  every  clause  f  =  g  +  h  is  satisfied.  It  is  also 
clear  by  (1),  (2)  and  step  (3b)  that  any  literal  f  >  0  is  correctly 
modeled.  By  (1),  (2)  and  in  view  of  the  clauses  added  in  steps  (3d) 
and  (3e)  it  follows  easily  that  literals  (u-d, strict)  are  also 
satisfied.  Finally,  let  convex(f ,x,y)  be  a  clause  of  ip^  •  If  Mx  _>  My, 
then  M  satisfies  the  clause  convex(f ,x,y)  which  is  void.  Otherwise  Mx 
<  My;  let  Mx  =  Hi  and  My  =  rij  ,  with  i  <  j,  i,  j  e  (1  ,  . . .  ,r}.   If  Mf 


i     t '-  J 


2/.-:-x_o 


■:i    noi. 


-14- 
coincides  just  with  the  strai^t  line  passing  through  the  points 
(ni,(Mf )(ni))  and  (nj,(Mf) (hj) ) ,  then  clearly  Mf  is  convex  (strict 
convexity  is  not  required!)  in  the  interval  [rii.rij]-  On  the  other  hand 
if  Mf  is  not  a  straight  line  in  the  interval  [ni.rijJ,  then  by  step  (3f) 
the  graph  of  Mf  is  the  union  of  convex  pieces.  It  follows  therefore  by 
an  elementary  argument  that  Mf  is  convex  in  the  interval  [ni.nj].  Thus 
in  both  cases  Mf  is  convex  in  the  interval  [Mx.My],  which  shows  that  M 
satisfies  the  clause  convexCf ,x,y) .  Since  M  satisfies  all  purely 
arithmetic  clauses  in  (^2  of  type  (■*•,•,>),  it  follows  at  once  that  M  is 
a  model  of  (^2   •  Q.E.D. 

This  completes  the  proof  of 

Theorem  3-^-     The  theory  RMCF  is  decidable. 

Remark.  Note  that  the  restriction  of  the  theory  RMCF  in  which 
neither  multiplication  between  real  variables,  nor  the  predicates 
'convex'  and  'concave'  are  allowed  can  be  decided  more  efficiently  by 
application  of  a  linear  programming  algorithm  ([Dan63]).  The  reason 
why  a  'convex'  and  'concave'  predicate  are  not  allowed  in  this  simple 
case  is  that  using  these  predicates  and  'strict  up'  also  it  is  possible 
to  express  the  assertion  that  a  function  is  a  strictly  increasing 
straight  line,  and  hence  it  is  an  easy  matter  to  express  the  product 
relationship  among  real  variables.  Hence  a  theory  allowing  convexity 
to  be  asserted  along  with  the  other  predicates  we  have  listed  can  be 
used  to  express  any  relationship  admitted  in  Tarski  arithmetic,  making 
it  plain  that  no  such  theory  can  admit  a  decision  algorithm  as 
efficient  as  simple  linear  programming. 
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4.    'Extended  Tarski'  theory  of  reals  with  multivariate  continuous 
functions. 

For  the  sake  of  simplicity,  we  will  only  consider  the  case  in 
which  all  function  variables  have  the  same  arity  n.  The  general  case, 
that  is  when  functions  having  different  arity  are  allowed,  can  be 
easily  reduced  to  this  simpler  theory  by  an  obvious  treatment  by  cases. 
Again  we  allow  two  kinds  of  variable,  namely  real  variables  x,y,..., 
and  n-ary  real  function  variables  f,g,...  .  Constants  0,1,  both 
numerical  and  fuiictional,  are  also  allowed.  Numerical  and  functional 
terms  are  defined  as  in  Definition  3-1 .  with  the  obvious  replacement  of 
condition  (iii)  by 

(iii-|)  If  t-|,...,tf^  are  numerical  terms  and  f  is  a  function  variable, 
then  f  (ti , . . .  ,tf^)  is  a  numerical  term. 

We  define  the  family  of  formulae  of  the  theory  of  reals  with  monotone 
multivariate  continuous  functions  (RMMCF)  as  follows.  An  atom  is  an 
expression  of  one  of  the  following  forms:  t-]  =  t2  ,  t-|  <  t2  ,  ni  =  n2  » 
ri-|  <  n2  .  up(ni  ;t-|  ,u-]  ;  ...;  t^.Uj^),  strict_up(rii  ;  ti,U];  ...;  tf^,Un), 
where  t-| ,  t2,  •  •  • ,  tj^,  u-],...,u^  are  numerical  terms,  and  m  ,  12  ^^^ 
functional  terms.  (Observe  that  no  predicate  'convex'  or  'concave'  is 
allowed  in  this  theory.)  A  formula  in  RMMCF  is  defined  to  be  any 
Boolean  combination  of  atoms.  The  intended  meaning  of  the  predicates 
■^p,  strict_up,  etc.  which  appear  above  is  defined  as  follows.  Let  (J) 
be  a  formula  in  RMMCF. 
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Def inition  4.1 .      An  interpretation  M  of  the     symbols     of     (f)     is     a 
model  of  (p  if: 

(1)  For     any     real     variable  x,   the  value  Mx  associated  to  x  is  a  real 
number. 

(2)  For  any  function  variable  f ,  Mf  is     an     everywhere     defined    n-ary 
continuous  real  function. 

(3)  The     truth     value  assigned  to  ^  by  the  following  rule  is  the  value 
true : 

Let  t"! ,  t2,  •  •  •  .t^,     u-|,...,Uf^     be     numerical     terms     and     rii,n2     oe 

functional     terms,     and  assume  that  Mt-] Mt^,  Mu-| , . . .  jMu^,  Mm, 

Mri2  are  the  interpretations  assigned  to  them  by  the  model  M  in  the 

standard  way.     Then 

(3a)     t"!      =     t2     (resp.     t-j   <  t2)    is  true  if  and  only  if  Mt-|    =  Mt2 

(resp.     Mti   <  Mt2). 
(3b)     rii    =  ri2  (resp.     m   <  n2)   is  true  if  and  only  if    Mm      =    Mn2 

(resp.     Mn-|    <  Mn2)  pointwise. 
(3c)     up(nT  ;t-i  ,u-|  ;. . .  ;tf^,Uj^)        (resp.         strict_up(m  jt^  ,ut  ;     ...; 
t^.u^))   is  true     if     and     only     if     for     every     (aT,...,an), 
(6T,...,6n)   t   [Mti.Mui]   x    ...      x   [Mtn,MUn],   with  a^  <  Si  for 
all   i  =     1,...,n,     and     Ci     <     Bi     for     some     j  t   {1,...,n}, 
(Mn-i  )(ai  ,  ..  ..a^)   <.  (Mm)(6i  ,  . .  .,6n)    d^esp.      (Mm  )  (oil  , .  •  •  .a^) 
<   (Mni)(Bi  ,...,6^))- 
By  applying  a  normalization     process     of     the     kind     described     in     the 
preceding     section,     we     can     reduce  the  satisfiability  problem  for  the 
theory  RMMCF  to  the  satisfiability  problem  for  conjunctions  of  liter._3 
of  the  following  types: 
(+)       X  =  y  +  z 
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(.)   X  =  y  •  z 
(»   X  >  0 

(f)   X  =  f(yT,...,yn) 

(f+)  f  =  g  +  h 

(f^)  f  ^  g 

(f>)  f  >  0 

(up)  up(f;  x^.YT  ;  ...  ;  Xn,yn) 

(strict_up)  strict_up(f;  x^.y-j,;  ...;  x^^.yj^) 

(~|up)    I  up(f;  X^,yy,    ...  ;  X^.yn) 

(  |strict_up)   |strict_up(f  ;xi  ,yi  ;. . .  ;Xr^,yj^) 

where  x,y,z,  x^, . . . ,x^,  y],...,Y^   are  real  variables,  and 
f,g,h  are  function  variables. 

In  analogy  with  the  theory  of  reals  with  monotone  and  convex  continuous 
functions  discussed  in  the  preceding  section,  we  will  prove  that  the 
theory  RMMCF  is  decidable  by  showing  how  a  conjunction  of  literals  of 
the  types  (+)  -  (  |  strict_up)  listed  above  can  be  reduced  to  a 
conjunction  involving  only  literals  (+,  •,  <).  Tarski's  result 
concerning  the  real  field  (see  [Tar51 ])  will  then  imply  the 
decidability  of  RMMCF. 

Let  $  be  a  conjunction  of  literals  each  of  which  is  of  one  of  the 
types  (+)  -  (  I  strict  up)  above.  We  apply  the  following 
simplification  steps  to  (p,  to  eliminate  all  literals  other  than  those 
of  type  (+,  •,  <). 
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Simplif ication  Step  1. 
(la)   For  any  literal  f  ?^  g  occurring  in  4),   introduce  new  variables 

x-|,X2,  y-\,...,y^     and  replace  f  ?^  g  by  the  formula  x-j  = 

f(yi,---.yn)  &  X2  =  g(yi y2)  &  ^i  ^  ^z  - 

(lb)   Replace  any  literal   |  up(f;  ^],Vi;       •••;   ^n'Yn^   (resp. 
I  strict_up(f;  x-|  ,yi  ;  ...;  x^.yn))  by  the  formula 

A  &  u-]  >  U2  (resp.  A  &  u-]  _>  U2)  , 

n  n 

Where  A  =  &  (xj_  <_  Wj_  <_  Zj_  <_  yj_)  &  V  (wj_  <  z^) 
i=l  i=1 

&  U-]  =  f  (w-| ,  . . .  ,vi^)   &  U2  =  fiz] z^) 

and  where  wi,...,w^,  zi,...,Zj^,  u-| ,  U2  are  newly  introduced 

variables.  (Note  that  the  formulae  above  simply  express  the 

fact  that  the  interval  [xi,y-jj  x  ...  x  [Xf^.yj^]  contains  two 

points  (w-| , . . .  ,Wj^) ,  (z-j ,  . . .  ,Zj^)  which  falsify  the  predicate 

up(f;  Xi,y-|;  ...;  x^^.y;^)  (resp.   strict_up(f;  x-|,y-i;  ...; 

Xj^.y^))  according  to  (3c)  of  Definition  4.1.) 

Let  (pi    be  the  formula  into  which  <})  is  transformed  by  application  of 

this   simplification   step.    It   is   clear  that  (p  and  4)-|   are 

equisatisf iable.   It  therefore  follows  that  ^^    can  be  taken  to  be  a 

conjunction  of  literals  of  the  following  types  (+,  •,  >,  f,  f+,  f>,  up, 

striot_up).  Simplification  Step  1  eliminates  literals  of  type  (f?^, 

"l  up,  ~|strict_up) .   To  eliminate  the  remaining  clauses  involving 

function  variables,  namely  those  of  type  (f,  f+,  f>,  up,  strict_up),  we 

then  subject  (p-^    to  the  following 
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Simplif ication  Step  2. 

For  every  i  =  1,...,n,  let  Vj_  be  the  set  of  real  variables  which 
occur  either  as  the  i-th  argument  of  some  function  variable  in  (p-^  or  as 
left  or  right  (i+1)-st  argument  of  a  predicate  of  type  up,  strict_up  in 
(})1  .  In  other  words,  Vj^  is  the  set  of  all  variables  which  take  values 
in  the  i-th  factor  space  of  the  product  space  R^.     For  any  E,   = 

(Ci Cpj)  e  V-|  X  ...   X  Vj-^  and  any  function  variable  f  occurring  in 

c})-]  ,   introduce  a  new  real  variable  Zf  r   ,  and  add  the  formula  Zf  ^^  = 
fCCl , .. .  ,5n)'  iJnless  a  literal  y  =  f(Ci,.-.,Cn)  exists  already. 

Call  the  resulting  formula  ^o.  Clearly  $0  is  equisatisfiable  with 
cf)-]  .  Once  this  has  been  done,  apply  the  following 

Simplification  Step  3. 

(3a)   For   each   quadruple  of  literals  x  =  f (yi , . . . .y^) .  x'  = 

g(yi,...,yn).  X"  =  h(yi,---.yn)'  f  =  g  +  h,  add  x  =  x-  +  x". 

(3b)   For  each  pair  of  literals  x  =  f (y] , . . . ,yn) ,  f  >  0,  add  x  >  0. 

(3c  j   For  each  pair  of  literals  x  =  f  (y-j , . . .  ,yn) .  x'  =  f(yf,...,yn) 

add  the  formula 


n 

^  (yi  =  yp  -^  X  =  X' 

i=1 


(3d)  For  each  triple  of  literals  x  =  f  (y-] , . . .  ,yn) .  x'  =  f  (yf ,  •  •  •  .y/i) . 
up(f;  Vi,w-i;  ...;  v^.w^^)  (resp.  strict_up(f ;  v-]  ,wi  ;  ...;  v^.w^)) 
add  the  formula 


B  -►  X  <  x'      (resp.    B  ^-  x  <  x') 
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""  n  , 

where  B  =  &  (v^  £  y^  <  y[  <  w^)  &  V  (7^  <  y[)  . 

i=l  1-^ 


(3e)   From  (^2,   drop  all  literals  involving  any  function  variable. 

Let  $0  be  the  formula  produced  by  Simplification  Step  3-  Observe  that 
$3  is  a  formula  of  the  polynomial  theory  of  reals,  which  is  known  to  be 
decidable  [Tar51  ].  Therefore  in  order  to  prove  the  decidability  of  the 
theory  RMMCF,  it  suffices  to  show  that  Simplification  Step  3  preserves 
satisfiability,  namely  that  <p2  and  <p-^  are  equisatisf iable.  This  can  be 
done  as  follows.  Since  all  formulae  added  by  step  3  are  consequences 
of  92  (cfr.  Definition  ^.1),  it  follows  at  once  that  any  model  of  ^2 
can  be  extended  to  a  model  of  4)o.  Conversely,  let  M  be  a  model  of '93. 

It  follows  in  virtue  of  the  formulae  added  in  simplification  steps 
2  and  3  that  the  presence  of  a  formula  f  =  g  +  h  in  $  implies  that 

(Mf  )(u-| ,  ....u^)  =  (iMg)(u-| u^)  +  (Mh)(u-| ,  ...,Ur^) 

for  all  (ui,...,Uf^)  s  D,  where  D  =  MV-j  =<  . . .  x  MV^  .  Similarly,  the 
presence  of  a  formula  f  >  0  in  <{)  implies  that  (Mf )  (u^ , . . .  ,Uf^)  >  0  for 
all  (u-|,...,Un)  e  D;  and  if  up(f  ;X]  ,y-]  ;. . .  ;Xr^,yn)  (resp. 
strict_up(f  ;xi  ,y-|  ;. . .  ;xKi,yf^))  belongs     to     $,     then     (Mf )  (u-] ,  . . .  ,Uf^)     ^ 

(Mf)(v^ v^)      (resp.      (Mf ) (ui , . . . ,Un)   >  (Mf ) (vi , . . . ,Vn) )  for  any  two 

distinct  (u^ ,  . . .  ,Uj^)  e  D,  (v-] , . . .  ,v^)  e  D  such  that  Hy^  >  Uj_  >  Vj_  >  Mx-^ 
for  all  i  =  1 , . . . ,n. 

The  fact  that  <p2  and  ^^  are  equisatisf  iable  will  therefore  follow 
immediately  frcm  the  following  elementary  extension  lemma. 

Lemma  4.2.  For  each  i  =  l,...,n  let  u^^^  <  ...  <  u^^^.  be  a 
finite,  strictly  increasing  sequence  of  real  numbers.  Let  D  be  the 
product  set 


V  '«!<. 


"^0  1    \\  .^V . 


'£.-!,: 


i  (r,V. 


-21- 
D  =  {uP,....u^l^}><  ....  {u(^^ u^"^)}. 

Let  $  be  the  space  of  all  real  valued  functions  defined  on  D.  Then 
there  exists  a  systematic  procedure  for  extending  each  of  the  functions 
f  t  $  to  a  continuous  real- valued  function  Ef  defined  on  all  of  R^, 
which   is   such   that  E(f+g)   =  Ef  +  Eg,  and  (Ef ) (x^ . . . .x^)  > 

(Eg)(x^ x^)  (resp.   (Ef)(xi x^)  >  (Eg)  (xi , . . .  .x^) )  for  all 

(x^,...,Xj^)   £   r"   whenever   f(u-| u^)  ^  g(u-| , . . .  .u^)  (resp. 

f  (u-| , . . .  ,Uf^)  >  g(u-| , . . .  ,Uf^) )  for  all  (u-| , . . .  ,Uj^)  e  D.   Moreover,  if 

(X-|,...,Xn)  e  D,  (Y-| Y^)  e  D  and  f  satisf  ies  f  (u-| , . . .  ,Un)  ^ 

f  (v^ ,  ., .  ,Vi^)  (resp.  f  (ui , . .  .,Uf^)  >  f  (v-| ,  . . .  ,Vj-^) )  for  any  two  distinct 

(u-| , . .  .,Uf^)  e  D,  (v-| v^)  t  D  such  that  Yj_  >  u^  ^  Vj^  >  X^   for  all 

i  =  1,...,n,  then  Ef  satisfies  (Ef  )(y^ , . . .  .y^^)  >  iEf)ix-\,...,x^)  (resp. 
(Ef)(y-| , .  ,.,y^)    >    (Ef)(x-| , . .  .,Xn))    for    any   two   distinct 

(yi,...,yn)  £  ^^'    '^Xi Xj^)  £  r'^  such  that  Y^  >  y^  >  x^  >  X^, 

i  =  1 , .. .,n. 

Proof :  We  proceed  by  induction  on  the  dimension  n.  Suppose  that 
n  =  1.  Then  Ei  f  can  be  defined  as  the  function  which  is  linear  in 
every  interval  between  two  points  u^^  ,  u]^||  and  which  agrees  with  f  at 
each  of  the  points  u['''.  It  is  also  appropriate  to  define  Ef  to  be 
constant  in  the  two  semi-infinite  intervals  x  <  u]  '  ^  and  x  S  Ur^y  . 

This  same  definition  can  be  applied  to  the  space  of  functions  f 
with  values  in  any  partially  ordered  vector  space,  and,  in  particular, 
to  functions  f  whose  values  belong  to  the  space  of  continuous 
real-valued  functions  of  n-1  variables  g(u2, . . .  ,Upj) .  In  all  such  cases 
we  have  E-|(f+g)  =  E-|f  +  E^g  and  E-]  f  >  Eig  (resp.  E-|  f  >  E^g)  at  every 
point  of  the  real  axis  if  f  >  g  (resp.  f  >  g)  at  every  point  of  its 
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finite  domain.   Let  T  be  the  transformation  which  maps  each  function 
f  (U"! , . . .  ,Uf^)  defined  on  D  into  the  vector-valued  function  (Tf)(uT) 
defined  by 

(Tf)(ui )  (u2,  . .  ..u^)  =  f(u-|  ,  . . .  ,Ur^)  ; 

here     it  should  be  understood  that  the  values  (Tf)(ui)   lie  in  the  space 
Ej^_-]   of  real-valued  functions  on  the  domain 


D2   =  {u(2) u(,2)}   ,   _^   ,    ^n) ^^n)} 


Let  E^_i  be  the  inductively  defined  extension  operator  which  transforms 
functions  in  E^_i  into  real-valued  functions  defined  on  all  of  R^^"  , 
and  put 


(*)  (V)   =  Ei(En-T(Tf(.)))    , 

where  E^_i(Tf('))  simply  denotes  the  function  whose  value  at  u-|   is 
E^_l(Tf(u-| )) .   Then  it  plainly  follows  by  induction  that  E^^Cf+g)  =  Ej^f 

+   E^g  ,    and    (E^f )  (x-| ,  . . .  ,Xf^)    >    (E^gJCxi x^)    (resp. 

(E^f)(xi,...,Xn)   >  (E^f)(xT,...,Xf^))  for  ail  (x^  ,  . . .  .x^)  £  R'^  if 

f(u-i u^)  >  g(u-| u^)    (resp.  f(ui,...,Un)  >  g(u-|  , . . .  .u^) )  for 

all  (u-i , . .  .,u^)   6.  D. 

Next  suppose  that  f  (u-j , . . .  .u^^)  ^  fCv-] v^^)  (resp.  f(ui,...,Un) 

>  f(vi ,  .  ..,Vf^))  for  any  two  distinct  (u-| u^)  e  D,   (v-] ,  . . .  ,Vf^)  t  D 

such  that  Yj_  >  Uj_  >  v^^  >  Xj^  for  all  i  =  1,...,n.  They  by  induction 
(E^_lTf(ui))(y2,...,yn)      ^      (E^-i  Tf  )(ut  )  (x2,  •  • .  .x^^)      (resp. 
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(En-lTf(ui))(y2, ...,yn)  >  (E^-iTf (u^ ) ) (x2, . . . .x^) )  for  each 
u-]  e  {u^^\  . . .  ,u^^  M  and  any  two  distinct  {^2, . . .  ,x^)  e  r"~^  , 
(72.  •••.yn)  ^  ^""^  such  that  Y^  >  u^  >  X^  ,  and  Y^  >  yi  >  x^  >_  Xj_  for 
all  i  =  2,...,n.  It  follows  at  once  from  the  definition  of  E-|  and  from 
(*)  that  (E^f)(xi  ,y2,  ...,yn)  ^  (E^^f  )(x-|  ,X2, . .  ..x^)  (resp. 
(Ej^f  )(x-i  ,y2, . .  ..y^)   >  (Ej^f  )(x-|  ,X2, . . .  .Xj^))  for  any   two   distinct 

(x2,...,Xy)  e  R^~\      {.Yz yxO   ^   ^"'^  and  any  x-|  such  that  Y-|  >  x-|  > 

X-]  and  Yj_  >  yj_  >  Xj_  >  Xj^  for  i  =  2,...,n,   A  similar  argument  shows 
that  {^f){Y\,--.,YrO   ^   (Enf)(xi,. 


all  i  =  l,...,n,  and  that  (E^f)(yi 
Y^  >  y^  >  Xj_  >  X-L  for  all  i  =  1  , . 
distinct,  provided  that  f(u-|,.. 
distinct  (ui,..,,Un)  e  D,   (v-|,.. 


.,Xf^)  whenever  Y^  ^  y^  ^  Xj_  >  Xj_  for 
...,Y^)   >  (E^f  )(x-| , . . .  ,Xj^)  whenever 

.,n  and  (y-| y^^),  (x-|,...,x^)  are 

,Uf^)  >  f  (vi , . . .  ,Vf^)  for  any  two 
,Vf^)  e  D  such  that  Yj_  >  Uj_  >  v^  >  Xj_ 


for  all  i  =  l,...,n.  This  completes  the  proof  of  Lemma  4.2,  and  with 
it  the  decidability  of  the  theory  RMMCF.  Q.E.D. 

Summarizing  we  have 

Theorem  4.3.   The  theory  RMMCF  is  decidable. 

Remark.  RMMCF  remains  decidable  even  in  the  presence  of  slightly  more 
general  kind  of  up,  strict_up  predicates.  More  precisely  consider  a 
predicate  monotone(f  ;a-]  :x-|  ,yi  ;  ...;  ^n^x^.y^^)  involving  a  function 
variable  f,  real  variables  x-|,...,Xj^,  yi,...,y^  ,  and  constants 
a-],...,a^  which  can  take  the  values  'up',  'strict_up',  'down', 
'strict_down'.  By  def inition  monotone(f  ;ai  :x-|  ,y-|  ;  ...;  Si^-^n^^^r])     ^^ 

satisfied  if  for  every  i  t  {1 n}  and  every  5,n  (^  [x-]  ,y-|  j  x  . . .  x 

Lx^,y^]  such  that  E,^   <  m  and  Cj  =  rij  if  j  '^  i.  the  condition 
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strict 
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I  >  J 


(Mf)(n) 


Much  the  same  construction  as  above  allows  us  to  prove  that  the  theory 
RMMCF  extended  to  allow  this  more  general  predicate  'monotone'  remains 
decidable. 
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5.   Totally  and  partially  ordered  sets  with  monotone  functions. 

In  this  section  we  take  up  a  more  abstract  problem  suggested  by 
the  preceding  considerations.  More  specifically,  we  consider  two 
elementary  theories  of  partially  and  totally  ordered  sets,  beginning 
with  the  'theory  of  totally  ordered  sets  with  monotone  functions'. 
This  theory  allows  individual  variables  x,y,...  which  take  elements  of 
a  totally  ordered  set  S  as  values,  and  also  variables  denoting 
(monotone)  functions  fi,f2,...  which  are  modeled  by  functions  defined 
on  S  and  assuming  values  in  S.  More  formally 

Definition  5. 1 .   Terms  of  the  'theory  of  totally  ordered  sets  with 
monotone  functions'  (TOSMF)  are: 
(i)   individual  variables; 

(ii)  expressions  of  the  form  f(t),  where  f  is  a  function  variable  and 
t  is  a  term. 

Definition  5.2.   The  atomic  formulas  of  TOSMF  are  obtained  as  follows: 
(i)   if  t-]  and  t2  are  terras,  then  t]   =  t^  ,  t-|  <  t2  are  atomic 

formulas ; 
(ii)  if  f  IS  a  function  variable,  then  up(f),  strict_up(f ) ,  down(f), 

strict_down(f )  are  atomic  formulas. 
The  theory  TOSMF  is  then  the  Boolean  closure  of  the  set  of  atomic 
formulas  defined  above. 

Let  (})  be  a  formula  of  the  theory  TOSMF. 

Definition  5.  3.   An  interpretation  M  with  domain  D  is  said  to  satisfy  <p 

if: 

(i)   D  is  a  totally  ordered  set; 


iiT. 


(ii)     for  every  individual  variable  x  in  (J),  Mx  t  D; 

(iii)  for     every     function     variable  f  occurring  in  f ,  Mf  is  a  function 

from  D  to  D; 
(iv)     the  formula  Mcj)  obtained  fran  (p  by  substituting     every     individual 
variable     x  by  Mx  and  function  variable  f  by  Mf  is  true.     Here  it 
should  be  understood  that 
(iv-i)  up(f)    (resp.     strict_up(f ) )   is  true  in  the     interpretation 
M     if     and     only  if  Mf  is  a  nondecreasing  (resp.     strictly 
increasing)  function. 
(iV2)  down(f)        (resp.         strict_down(f ) )       is       true       in       the 
interpretation    M     if     and     only     if  Mf  is  a  nonincreasing 
(resp.     strictly  decreasing)  function. 
Using  a  normalization  process  like  that  described  in  Section  2,      it     is 
easy     to     show  that  the  satisfiability  problem  for  the  theory  TOSMF  can 
be  reduced  to  the  satisfiability  problem  for  sets     of     conjunctions     of 
literals  each  of  which  has  one  of  the  following  forms: 
«)  x  <  y 

(=)  x  =  y 

(f)  X  =  f(y) 

(u-d)  up(f) ,   down(f ) 

(strict)         strict_up(f ) ,   strict_down(f ) 
(    |u-d)         ~|up(f),  ~|down(f) 
(    I  strict)      |strict_up(f ) ,      | strict_down(f ) . 

Let     4)  be  a  conjunction  of  literals  of  the  types   (<,    =,   f,  u-d,   strict, 

I  u-d,      I  strict).      As  usual  we  can  easily  eliminate     clauses     in     (J)     of 

types   (    I u-d,      [strict),   and  thus  can  assume  that  no  clause  of  the  type 

(    I  u-d,      I  strict)  occurs  in  9.     We  will     show     that     (p     is     satisfiable 
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(according  to  the  satisfiability  definition  given  above)  if  and  only  if 
(})  has  a  real  model,  that  is  a  model  whose  domain  is  the  real  axis  i 
with  the  standard  order  in  it.  Plainly  any  real  model  is  a  model  of  9. 
Conversely,  assume  that  M  is  a  model  of  <p.  Then  a  real  model  of  <p  can 
be  built  as  follows.  Let  T  =  {Mx|x  occurs  in  4)}  u  {(Mf)(Mx)|f,  x  occur 
in  <p} .  Clearly  T  is  a  totally  ordered  finite  subset  of  the  domain  D  of 
M.  Hence  T  can  be  embedded  in  E.  Let  I:  T  -<•  E  be  such  an  embedding. 
For  any  individual  variable  x  occurring  in  4),  put 

M*x  =  I(Mx) 
Moreover  with  any  function  variable  f  occurring  in  $,  we  associate  a 
function  F:  {M  x|x  occur  in  9}  ->■  E  defined  by 

F(M*x)  =  I((Mf)(Mx)). 
We  begin  by  showing  that  if  up(f)  is  a  conjunct  of  <p,  then  F  is 
monotone  nondecreasing  on  {M  x|x  occurs  in  (j)}.  Indeed,  let  M  x^  1  M  X2 
for  some  pair  of  variables  x-]  ,  X2  occurring  in  (Jj.  Then  Mx-|  = 
rUM*XT)  <  r''(M*X2)  =  MX2  ,  SO  that  FCM^x^)  =  I((Mf)(MxT))  < 
I((Mf)(Mx2))  =  F(M*X2).  Similarly  it  follows  that  if  strict_up(f ) , 
down(f),  or  strict_down(f )  appear  in  (}),  then  F  is  monotone  increasing, 
nonincreasing  or  decreasing  (respectively).  Therefore  F  can  be 
extended  to  an  everywhere  continuous  function  F  in  such  a  way  that  if 
up(f),  strict_up(f ) ,  down(f),  strict_down(f )  occur  in  <p,  then  F  is 
respectively  monotone  nondecreasing,  increasing,  nonincreasing  or 
decreasing.  Finally  we  put  M*f  =  F,  for  any  function  variable  f 
occurring  in  <^.  It  then  is  an  easy  matter  to  verify  that  M  is  a  real 
model  of  9.  Hence  the  decidability  of  the  theory  TOSi^  follows  frcm 
Theorem  3.^. 

Therefore  we  have 
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Theorem  5.^.   The  theory  TOSMF  is  decidable. 

Next  we  consider  the  somewhat  different  theory  of  partially 
ordered  sets  with  (monotone)  functions  (POSMF)  and  show  that  its 
satisfiability  problem  is  decidable  also.  More  precisely  we  will  refer 
to  those  partially  ordered  sets  in  which  any  two  elements  have  both  a 
lower  and  an  upper  bound.  The  syntax  of  the  theory  POSMF  is  the  same 
as  the  one  of  the  theory  TOSMF,  with  the  only  exception  that  no 
'strict'  predicate  is  allowed  in  this  case.  Moreover  we  define 
satisfiability  as  follows. 

Definition  5.5.    Let  4)  be  a  formula  of  the  theory  POSMF.   An 

interpretation  M  with  domain  D  is  said  to  satisfy  (f)  if: 

(i)   D  is  a  partially  ordered  set  such  that  any  two  elements  in  D  have 

both  a  lower  and  an  upper  bound,  and  in  which  the  relationship  x 

^  y  <  X  implies  that  x  =  y. 
(ii)  for  every  individual  variable  x  in  <}>,  Mx  e  D; 
(iii)  for  every  function  variable  f  occurring  in  $,  Mf  is  a  function 

from  D  to  D; 
(iv)  the  formula  Mij)  obtained  from  4)  by  replacing  x  by  Mx  and  f  by  Mf , 

wherever  an  individual  variable  x  or  a  function  variable  f  occurs 

in  (j),  is  true,  and  where  we  agree  that 

up(f)   (resp.   down(f))  is  true  in  the  interpretation  M  if  and 

only  if  Mf  is  a  monotone  nondecreasing  (resp.   nonincreasing) 

function; 
Normalizing  as  before  the  satisfiability  problem  for  the  theory  POSMF 
is  easily  reduced  to  the  satisfiability  problem  for  sets  of  literals  of 
the  form 
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(<)  X  £  y 

U)  X  _^  y  (i.e.  ~|  (x  <  y)) 

(=)  X  =  y 

(^)  X  ^  y 

(f)  X  =  f(y) 
(u-d)      up(f),  down(f) 

(~|u-d)  |up(f),  ~|down(f)  . 

Moreover,  since  clauses  (  |u-d)  can  be  eliminated  quite  easily  (cf. 
the  simplification  step  1  of  the  preceding  section)  we  can  further 
restrict  our  attention  to  conjunctions  of  literals  of  the  type  (<_)  - 
(u-d).  Hence  let  (j)  be  such  a  conjunction.  Let  i{)-|  be  the  formula 
obtained  fron  ^   after  execution  of  the  following 

Simplification  Step. 

(a)  For  every  pair  of  clauses  of  (p  of  the  form  x  =  f  (y) ,  x'  =  f(y') 
add  the  formula  y  =  y'  ^  x  =  x' 

(b)  For  every  triple  of  clauses  of  ip  of  the  form  up(f)  (resp. 
down(f)),  x  =f(y),  x'  =  f(y' )  add  the  formula  y  <  y'  ->  x  <_  x' 
(resp.  y  <_  y '  ->■   x'  £  x) . 

(c)  For  every  quadruple  of  clauses  of  cf)  of  the  form  up(f),  down(f),  x 
=  f(y),  x'  =  f(y')  add  the  formula  x  =  x'. 

(d)  Drop  all  clauses  of  $  involving  function  variables. 

Clearly  any  model  of  ij)  is  also  a  model  of  (p^  ,  since  formulas  added  by 
the  simplification  substeps  (a),  (b)  and  (c)  are  consequences  of  (p. 
For  example,  by  (i)  of  Definition  5.5  it  follows  that  any  function 
which  is  both  increasing  and  decreasing  must  be  a  constant  function. 


,a  :-  ... 
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which  shows  the  correctness  of  substep  (c).  Let  $■]  be  the  formula 
obtained  from  (fi  by  replacing  every  occurrence  of  the  relation  symbols 
<i,     i       with   c   and   ^  respectively,  where  c  is  the  ordinary  set 
inclusion  symbol. 

We  will  now  show  that  if  (fi  has  a  partially  ordered  model,  then  ^i 
has  a  set  model  defined  as  follows: 

Definition  5.6.   An  interpretation  M  with  domain  D  is  a  set  model  of  $-| 

if 

(i)   there  is  a  set  3  such  that  D  =  pow(S)  (where  pow(S)  is  the  set  of 

all  subsets  of  S) ; 
(ii)  for  every  individual  variable  x  in  $i  ,  mx  e  D; 
(iii)  the  formula  M  $i  obtained  from  0-|  by  replacing  x  by  Mx  for  each 

individual  variable  x  occuring  in  $^  is  true. 

To  prove  our  assertion,  let  M  be  a  partially  ordered  model  of  (J)-] 
having  domain  S.  We  will  build  a  set  model  M  of  $-|  with  domain  D  = 
pow(S).  Let  h:  S  -»•  pow(S)  be  the  mapping  defined  by  h(s)  =  {ttS|t_<s} 
(where  <_  is  the  order  relation  in  S) .  For  every  individual  variable  x 
in  9i  ,  we  put 

Mx  =  h(Mx)  . 

Let  X  c  y  be  a  clause  of  $i  .  Then  x  <_  y  is  a  clause  in  (p]  ,  and  since 
Mx  <_  My,  it  follows  by  the  transitivity  of  <_  and  the  definition  of  h:  S 
-»  pow(S)  that  h(Mx)  £h(My),  i.e.  Mx  CMy.  Therefore  M  satisfies  all 
literals  in  $i  of  the  type(^  ).  Similarly  it  can  be  shown  that  M  also 
satisfies  all  literals  in  i^^  of  the  remaining  types  including  the 
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implicative  clauses  introduced  in  step  (a)  and  (b),  which  proves  that  M 
is  a  set  model  of  $i  . 

Moreover  any  set  model  M  of  $i  can  be  used  to  define  a  partially- 
ordered  model  M  of  (p.  Indeed,  the  relation  c  is  a  partial  order  of 
the  domain  D  =  pow(S)  of  M,  so  that  all  literals  in  (p  of  the  form  (<, 
i,  =,  ^)  are  correctly  modeled  by  M  if  ^  is  interpreted  as  set 
inclusion,  and  clearly  x  n  y  and  x  u  y  are  respectively  a  lower  and  an 
upper  bound  of  x,y  e  D.  Hence  all  we  need  to  do  in  order  to  get  a 
model  of  (^  is  to  extend  M  to  function  variables  in  such  a  way  that 
clauses  of  types  (f ,u-d)  are  correctly  modeled  too. 

For  every  function  variable  f  occurring  in  $  for  which  up(f ) 
occurs  in  (j  while  down(f )  does  not  occur  in  $,  and  for  any  s  e  S,  put 


(5.1)  (Mf)(s)  =  u   MX 
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where  Ag  =  {xjx  =  f(y)  occurs  in  ^   and  Kiy  £s}. 

For  every  function  variable  f  occurring  in  (p     for  which  down(f) 
occurs  in  (p   while  up(f)  does  not  occur  in  (p,   and  for  any  s  e  S,  put 


(5.2)  (Mf)(s)  =  n   MX 

X!lA„ 


If  both  up(f)  and  down(f)  occur  in  <p,   put 


(5.3)  (Mf)(s)  =  Mx  , 


for  some  x  =  f(y)  occurring  in  (p.     Observe  that  (5-3)  does  not  depend 
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on  the  clause  x  =  f (y)  chosen  since  by  the  Simplification     Substep     (c) 
Mx     =     Mx'    if  both  X  =  f(y)  and  x'   =  f(y)   occur  in  (p.      If  neither  up(f) 
nor  down(f )  occurs  in  <p,   define  Mf  to  be  any  extension  to  the  whole    of 
D  of  the  set-to-set  mapping  F,  defined  by 

F(My)    =  Mx     if     x  =  f(y)  occurs  in  (}>. 
(Note     that     by     the     Simplification     Substep  (a),     this     definition  is 
legal.)   Plainly  if  neither  up(f)  nor  down(f)  occurs  in  (p,     all     clauses 
of  type   (f)  are  satisfied  by  this  definition. 

We  must  show  that  if  up(f)  is  in  4)  but  down(f)  does  not  occur  in 
(j),  then  Mf  is  monotone  nondecreasing,  with  respect  to  the  relation  c  . 
To  this  end,  let  s,t  e  S,  such  that  s  £  t.  Clearly  Ag  c  a^  ,  and 
therefore  by  (5.1) 

(Mf)(s)    =     u     MX  C      U     MX   =  (Mf)(t)    , 
X&A  xtA^ 

which  shows  that  Mf  is  monotone  nondecreasing.  Next,  suppose  that 
up(f)  occurs  in  (p  and  that  x'  =  f(y')  is  a  literal  of  <}).  To  be  sure 
that  all  type  (f )  clauses  are  satisfied  in  this  case  also  we  must  prove 
that  (Mf)(My')  =  Mx' .  Let  x  =  f(y)  be  any  literal  in  cj)  such  that 
My  c  My'.  Since  $i  contains  the  conjuncts  y  £  y'  -►  x  ^  x'  and  y  =  y'  -► 
x=  x'  (which  are  introduced  into  (p-^  by  the  Simplification  Substeps  (b) 
or  (a)),  it  follows  thatMx  cmx'.  This  shows  that  (Mf)(My')  c^x'. 
However,  (Mf)(My')  ^  Mx',  since  x'  =  f(y')  occurs  in  (p  and  My'  _CMy'. 
Thus  (Mf)(My')  =  My'. 

A  very  similar  argument  shows  that  if  down(f )  occurs  in  <t>  but 
up(f)  does  not,  then  (5.2)  correctly  models  both  the  statement  down(f) 
and  all  clauses  x  =  f(y)  involving  the  function  variable  f .   The  case 


in  which  both  up(f)  and  down(f )  occur  in  <p  is  even  easier.  Taken  all 
together,  this  shows  that  M  models  the  set  (p   of  statements  correctly. 

It  follows  that  (f)  is  satisfiable  if  and  only  if  $i  has  a  set 
model.  Since  $^  is  a  trivial  subset  of  the  decidable  theory  MLS  (see 
[FOS  80],  cf.  also  [Qui50]),  we  can  conclude  that 

Theorem  5.7.  The  theory  POSMF  is  decidable. 
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